Privilege separations talk

Matthias Schmidt

Philipps University Marburg
Department of Mathematics and Computer Science

Publications
Actual list FreeBSD on an IBM T43 [2005] Linux Powerbook HOWTO [upd. 2006] Journaling File Systems paper [2005] Wireless LAN paper [2004] Diploma protocols [upd 2006] Infrared HOWTO [2001]

Code	^
pkg_search [2007] OpenThesaurus-Widget [2007] dermob [2006] pumipd [2006] owl-control [2005] Brainfuck Interpreter [2005] FreeBSD GBDE script [2005] Linux LoopAES script [2004] Spam report script [2003] mfetch POP3 client [2003] popa3d IPv6 patch [2003] IEEE 1394 Firewire script [2003]

Privilege Separation talk

This slides are about Privilege Separation. The basic idea behind is to split up a forked process into one privileged master process and one or more unprivileged child processes. All communication with untrusted sources is handled by the unprivileged and mostly chroot(2)ed process.

Figure 1: Openwall popa3d process management

I presented this talk at a private CCC meeting in 2004.

Slides

privsep_slides.pdf [228 KB]

Links

Openwall popa3d POP3 server

Copyleft (l) 2002-05 by Matthias Schmidt.

Matthias Schmidt

Philipps University Marburg Department of Mathematics and Computer Science

Privilege Separation talk

Slides

Links

Philipps University Marburg
Department of Mathematics and Computer Science